[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 2.3 Authentication styles

To: "Theodore Ts'o" <tytso@mit.edu>
Subject: Re: SOI QUESTIONS: 2.3 Authentication styles
From: Uri Blumenthal <uri@bell-labs.com>
Date: Thu, 20 Jun 2002 12:13:03 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: <20020620151827.GC13288@think.thunk.org>
Organization: Lucent Technologies / Bell Labs
References: <E17KT7Z-0001L8-00@think.thunk.org> <200206190109.VAA17843@nwmail.wh.lucent.com> <20020620151827.GC13288@think.thunk.org>
Reply-To: uri@bell-labs.com
Sender: owner-ipsec@lists.tislabs.com

On Thursday 20 June 2002 11:18, Theodore Ts'o wrote:
> > I strongly disagree with the last statement, and consider it
> > technically incorrect. Remote access does not add perceptible
> > overhead (unless you want to first retrieve your PK and then run a
> > "normal" key exchange, but leave out how practical it is. Suffeces
> > to say that "legacy auth" today fits well enough into the standard
> > IKE).
>
> The overhead I was referring to here is protocol complexity overhead
> and implementation size overhead.  

My point exactly: there is no perceptible extra protocol complexity for 
adding "legacy auth". Neither cryptographic, nor protocol-wise.
Perhaps, configuration-wise...
-- 
Regards,
Uri-David
-=-=-<>-=-=-
<Disclaimer>

References:
- SOI QUESTIONS: 2.3 Authentication styles
  - From: "Theodore Ts'o" <tytso@mit.edu>
- Re: SOI QUESTIONS: 2.3 Authentication styles
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: Re: SOI QUESTIONS: 2.2 Perfect forward secrecy (PFS)
Next by Date: RE: SOI QUESTIONS: 2.5 Plausible denaibility
Prev by thread: Re: SOI QUESTIONS: 2.3 Authentication styles
Next by thread: RE: SOI QUESTIONS: 2.3 Authentication styles
Index(es):
- Date
- Thread